Hacker Newsnew | comments | ask | jobs | submitlogin
Mozilla Lightbeam – Relationships between third parties and the sites you visit (mozilla.org)
203 points by casca 172 days ago | comments


casca 172 days ago | link

Interesting that they use the list of trackers from TrackerBlock[1]. The license provided is:

    We reserve our copyright as to commercial applications but please contact us if you are interested in licensing for non-profit or educational uses.

    Our source code is available to review for your assurance.
In their extension, the "trackers.json" file is dated as 8/Feb/2012, so almost 2 years old now.

[1] https://addons.mozilla.org/en-US/firefox/addon/trackerblock/

-----

GhotiFish 172 days ago | link

... why was this downvoted?

-----

yk 172 days ago | link

Looks interesting, just to take it for a quick spin I tested it with a small set of bookmarks. [1] Then I deactivated noScript and Disconnect and reactivated them individually. (Screenshots at http://imgur.com/a/fRrnp ).

So the result is, that there are three sites which do not incorporate third party connections whatsoever (DDG, HN, fefe). Without the addons, the other sites form a connected graph. With disconnect, the graph is less strongly connected. With only noScript, it starts to fall apart. With both activated, the primary sites are disconnected. ( But the combination apparently breaks something, since a second Guardian primary node appears.)

A few caveats, first of all this is of course not reproducible, since it depends on my whitelists for noScript and Disconnect. And the test set is of course not representative for anything except itself. And absence of a edge in the graph does not mean absence of a connection. But with this in mind, I found it quite interesting how connected even a small test set is.

[1] guardian.co.uk zeit.de blog.fefe.de reddit.com http://natmonitor.com/2013/10/24/ghostly-shape-of-coldest-pl... ( from reddit) duckduckgo.com http://linuxreviews.org/kde/screenshot_in_kde/ (from DDG search)

-----

sp332 172 days ago | link

This looks like a cool upgrade to Mozilla's Collusion add-on, which is no longer available. https://www.mozilla.org/en-US/collusion/ Edit: It even gave me a pop-up warning me that it's overwriting my Collusion data.

-----

r0h1n 172 days ago | link

Lightbeam is the new Collusion

> Lightbeam began in July 2011 as Collusion, a personal project by Mozilla software developer Atul Varma. Inspired by the book The Filter Bubble, Atul created an experimental add-on to visualize browsing behavior and data collection on the Web.

> In September 2012, Mozilla joined forces with students at Emily Carr University of Art + Design to develop and implement visualizations for the add-on. With the support of the Ford Foundation and the Natural Sciences and Engineering Research Council (NSERC), Collusion has been re-imagined as Lightbeam and was launched in the fall of 2013.

-----

ozten 172 days ago | link

https://github.com/mozilla/lightbeam

-----

Udo 172 days ago | link

What I would really like is a plugin that defaults the browser to incognito / private mode when using certain sites. For example, automatically search google.com as if I'm not logged into Gmail.

-----

r0h1n 172 days ago | link

I'm curious - after the first few "wow, nice visualization!", how does this add-on improve the experience of someone already running add-ons like Disconnect or Ghostery?

-----

sp332 172 days ago | link

Well, you could make sure they're working? Or double-check that none of your whitelisted sites are doing anything too suspicious. Or maybe just for gloating :)

-----

hnha 172 days ago | link

It does not seem to monitor actual requests but only references. I block a lot of domains but they still appeared in this add-on.

-----

sp332 172 days ago | link

How are you blocking them? Sites blocked by RequestPolicy and Ghostery don't show up.

-----

hnha 172 days ago | link

In my router! I guess it returns a.status that the tool interprets successful connection.

-----

sp332 172 days ago | link

It probably counts when the request is made, without waiting for a connection to be successful.

-----

cpeterso 172 days ago | link

Is this part of the Cookie Clearinghouse project? I wish there was more information about the crowdsourcing data collection. What data is collected and how will it be used?

-----

buster 172 days ago | link

So it's like a fancy display of adblock/ghostery (who tracks me on which site) with a correlation of the sites i already visited... ok.. i'm sticking to just some adblocker :)

-----

ciupicri 172 days ago | link

I have:

    network.http.sendRefererHeader;0
    network.http.sendSecureXSiteReferrer;false
and Lightbeam doesn't show anything until I reset them. Though I have a feeling that I'm still being tracked.

-----

Amadou 172 days ago | link

FWIW, the RefControl add-on gives you more fine-grained control.

I use it to spoof the referrer as the root of the site when I link in and then the correct referrer when navigating within the site. In some rare cases I force the referrer to be google, that lets you past some paywalls.

https://addons.mozilla.org/en-us/firefox/addon/refcontrol/

-----

Udo 172 days ago | link

Your enemy is 3rd-party cookies, not referer headers. This just makes it harder for sites to do mostly harmless analytics and in some cases it actually prevents security features from working correctly.

-----

ciupicri 172 days ago | link

Indeed, there are a couple of site that don't work at all or require an extra step; if I remember correctly, most of them mumble something about CSFR and are based on Django. For example I can't log in to Launchpad [1] or Coursera or I'm required to push "I'm a human" button on the Fedora Accounts System website.

[1]: https://bugs.launchpad.net/canonical-identity-provider/+bug/...

-----

taf2 172 days ago | link

Yeah you do still get tracked but you really screw up any sort of referrer tracking - you'll appear to be coming directly to every page you visit. Also in some cases you may be blocked because you may look like a bad crawler...

-----

ciupicri 172 days ago | link

It happened to me with http://blog.bodhizazen.net/ because of some stupid anti-spam Wordpress plugin.

-----

hrjet 172 days ago | link

As a way to demonstrate to a lay user the insidious relationships on the web, it is pretty cool.

However, this doesn't seem like a good way to collect good quality crowd-sourced data. It can be easily poisoned, and there are simpler alternatives, such as crawling and analyzing the links by themselves. (I am assuming that an entity like Mozilla would have sufficient resources for that).

-----

davidascher 172 days ago | link

Crawling is certainly a complementary data collection strategy, but it's harder to avoid IP-based "filter bubble" effects w/out also deploying something akin to a bot. The hope is that by using real people using real browsers we'll collect data that reflects actual-behavior-in-the-wild.

You're right that poisoning is a potential problem if/when the data ends up useful enough to warrant poisoning.

-----

shmerl 172 days ago | link

Ah, I thought it's some new add-on. It used to be called Collusion.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: